PowerBuilder supports getting secured data from the OAuth 2.0 authorization server. The Bearer access token is supported, and the following grant types are supported:
- Authorization Code
- Implicit Flow
- Client Credentials
- Extension (or Refresh Token)
- Resource Owner Password
Authorization Code and Implicit Flow can be implemented using the WebBrowser control and the OAuthClient object. The WebBrowser control gets the authorization code. The OAuthClient object obtains the access token and protected resources.
Client Credentials, Extension, and Resource Owner Password can be implemented using the OAuthClient object (including TokenRequest, TokenResponse, OAuthRequest, and ResourceResponse). The OAuthClient object obtains the access token and protected resources. The TokenRequest and TokenResponse objects get or set the access token request and response. The OAuthRequest and ResourceResponse objects get or set the protected resource request and response.
PowerBuilder supports the Basic HTTP authentication scheme (see Example 2 (using HTTPClient)), and does not support the following HTTP authentication schemes: Digest, NTLM, Passport, and Negotiate.
As shown in the following figure, to access data from the OAuth 2.0 authorization server, there are mainly two steps:
- Use the HTTP Post method to request the access token from the authorization server;
- Set the access token in the HTTP Authorization header, and use the Get method to request the data from the resource server.

This section provides code examples to demonstrate how to get data using the different grant types.
The examples use the following server settings and parameters.
For requesting access token | |
---|---|
Token URL and settings | TokenLocation="https://xxx.xxx.xxx/oauth2/token"; ClientID="367c4163ddc1427d96655cd220c6714b"; Secret="4079f8749939446cbc81fd0c27709187" |
Parameters | Authorization Server (GrantType="authorization_code"); Implicit Flow; Client Credentials (GrantType="client_credentials"); Extension (GrantType="refresh_token"); Resource Owner Password (GrantType="password") |
Format | JSON |
Required Authentication | Yes ("Basic ...") Note: The WebBrowser control does not support OAuth basic authentication; therefore, when implementing the Authorization Code grant type with the WebBrowser control, the user will have to specify the authorization username and password. |
Successful Responses | Returns the following status and JSON string on success: 200 OK {"access_token": "0374672c0f9a83d7e808725bd8ea748a250f2b8e151b9d93f2afa7805ec2dd52", "expires_in": 3600, "token_type": "Bearer", "refresh_token": "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"} |

For requesting resource | |
---|---|
Resource URL | https://xxx.xxx.xxx/order/getall |
Format | JSON |
Required Authentication | Yes ("Bearer ...") |
Successful Responses | Returns the following status and JSON string on success: 200 OK [{"person_Title": "Mr.", "person_Firstname": "Kevin", "person_Middlename": "F.", "person_Lastname": "Browne", "customer_Modifieddate": "2014-09-12T11:15:07.263", "customer_Customerid": 29592, "sumamt": 80468.2110, "avgamt": 10058.5263}] |

For the Authorization Code grant type (granttype = "authorization_code"), the following example is provided for demonstration using the WebBrowser control and the OAuthClient object.
The WebBrowser control does not support OAuth basic authentication; therefore, when implementing the Authorization Code grant type with the WebBrowser control, the user will have to specify the authorization username and password.
Step 1: Get the authorization code from the redirect by accessing the authorization URL via the WebBrowser control.
The Google OAuth server is used in this example. You will need to ask the user to input the user name and password for accessing the URL. The WebBrowser control passes along the user name and password and, on success, receives the authorization code in return.
```
ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + &
    "&redirect_uri=" + ls_redirect + "&scope=" + ls_Scope + "&response_type=code"
OpenWithParm (w_webbrowser, ls_Url_code) //via the WebBrowser control
ls_code = Message.Stringparm
```
Step 2: Get the access token using the authorization code via OAuthClient.
```
ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type", "authorization_code")
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader("Content-Type", "application/x-www-form-urlencoded")
li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )
```
Step 3: Get the resource from the resource URL via the access token.
```
OAuthRequest loa_Request
ResourceResponse lrr_Response

//ls_AccessToken holds the access token obtained in Step 2
loa_Request.SetAccessToken (ls_AccessToken)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
```
The complete code example is as below:
```
String ls_id, ls_secret, ls_Scope, ls_Redirect
String ls_Body, ls_code, ls_Url_code, ls_AccessToken
Integer li_rtn
OAuthClient loa_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loa_Request
ResourceResponse lrr_Response
CoderObject lco_Code
Blob lb_data

lco_Code = Create CoderObject
loa_Client = Create OAuthClient

ls_id = "434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com"
ls_secret = "E1b7RsBxZWKq_yrl-kbfONF5"
ls_Scope = "https://www.googleapis.com/auth/youtube"
ls_Redirect = "https://www.appeon.com/callback"

//Step 1: Get the authorization code
ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + &
    "&redirect_uri=" + ls_Redirect + "&scope=" + ls_Scope + "&response_type=code"
OpenWithParm ( w_webbrowser, ls_Url_code )
ls_code = Message.Stringparm
If Len ( ls_code ) < 1 Then Return
//Pos returns 0 (never a negative value) when "code=" is not found
If Pos ( ls_code, "code=" ) < 1 Then Return
//Keep only the value of the code parameter, wherever it sits in the query string
ls_code = Mid ( ls_code, Pos ( ls_code, "code=" ) + 5 )
If Pos ( ls_code, "&" ) > 0 Then ls_code = Mid ( ls_code, 1, Pos ( ls_code, "&" ) - 1 )
lb_data = lco_Code.Urldecode( ls_code )
ls_code = String ( lb_data, EncodingANSI! )

//Step 2: Get the RESTful Server token
ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type", "authorization_code" )
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader( "Content-Type", "application/x-www-form-urlencoded" )
li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )
If li_rtn = 1 Then
    ls_AccessToken = ltr_Response.GetAccessToken ( )
    //Step 3: Get the RESTful Server resource
    If Len(ls_AccessToken) > 0 Then
        loa_Request.SetAccessToken (ls_AccessToken)
        loa_Request.Method = "GET"
        loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
        li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
        If li_rtn = 1 Then
            lrr_Response.GetBody(ls_Body)
            MessageBox ( "Tips", ls_Body )
        End If
    End If
End If
```
For the Implicit Flow grant type, the following example is provided for demonstration using the WebBrowser control and the OAuthClient object.
Step 1: Get the access token from the redirect by accessing the authorization URL via the WebBrowser control. You will need to input the user name and password for accessing the URL.
```
ls_Url_token = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + &
    "&redirect_uri=" + ls_redirect + "&scope=" + ls_Scope + "&response_type=token"
OpenWithParm ( w_webbrowser, ls_Url_token ) //via the WebBrowser control
ls_AccessToken = Message.Stringparm
```
Step 2: Get the resource from the resource URL via the access token.
```
OAuthRequest loa_Request
ResourceResponse lrr_Response

//ls_AccessToken holds the access token obtained in Step 1
loa_Request.SetAccessToken (ls_AccessToken)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
```
The complete code example is as below:
```
String ls_id, ls_Scope, ls_Redirect
String ls_Body, ls_AccessToken, ls_Url_token
Integer li_rtn
OAuthClient loa_Client
OAuthRequest loa_Request
ResourceResponse lrr_Response

loa_Client = Create OAuthClient

ls_id = "434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com"
ls_Scope = "https://www.googleapis.com/auth/youtube"
ls_Redirect = "https://www.appeon.com/callback"

//Step 1: Get the access token
ls_Url_token = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + &
    "&redirect_uri=" + ls_Redirect + "&scope=" + ls_Scope + "&response_type=token"
OpenWithParm ( w_webbrowser2, ls_Url_token )
ls_AccessToken = Message.Stringparm
If Len ( ls_AccessToken ) < 1 Then Return
//Pos returns 0 (never a negative value) when "access_token=" is not found
If Pos ( ls_AccessToken, "access_token=" ) < 1 Then Return
//Keep only the value of the access_token parameter
ls_AccessToken = Mid ( ls_AccessToken, Pos ( ls_AccessToken, "access_token=" ) + 13 )
If Pos ( ls_AccessToken, "&" ) > 0 Then ls_AccessToken = Mid ( ls_AccessToken, 1, Pos ( ls_AccessToken, "&" ) - 1 )

//Step 2: Get the RESTful Server resource
If Len(ls_AccessToken) > 0 Then
    loa_Request.SetAccessToken (ls_AccessToken)
    loa_Request.Method = "GET"
    loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
    li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
    If li_rtn = 1 Then
        lrr_Response.GetBody(ls_Body)
        MessageBox ( "Tips", ls_Body )
    End If
End If

If IsValid ( loa_Client ) Then Destroy ( loa_Client )
```
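The redirect handling from the Authorization Code and Implicit Flow examples above, as an added Python example that is not PowerBuilder's or the page's own code: it percent-encodes every value in the authorization URL and reads `code` (query string) or `access_token` (fragment) by name rather than by position. The `state` check, the function names and the sample redirect URLs are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # value used on the page

# Constructed sample redirects (not real codes or tokens).
CODE_REDIRECT = "https://www.appeon.com/callback?state=S1&code=4%2FabcDEF"
TOKEN_REDIRECT = ("https://www.appeon.com/callback#access_token=ya29.constructed"
                  "&token_type=Bearer&expires_in=3600&state=S1")


def build_authorization_url(client_id, redirect_uri, scope, response_type, state=None):
    """Return (url, state); every parameter value is percent-encoded."""
    # state ties the redirect to this request; pass one only for repeatable output.
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "response_type": response_type,  # "code" or "token"
        "state": state,
    })
    return AUTH_ENDPOINT + "?" + query, state


def parse_redirect(url, redirect_uri, expected_state, response_type):
    """Return the authorization code or access token carried by the redirect."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("redirect landed on an unexpected URI")
    # Authorization Code answers in the query string, Implicit Flow in the fragment.
    params = parse_qs(parts.query if response_type == "code" else parts.fragment)

    def single(name):
        values = params.get(name, [])
        if len(values) > 1:
            raise ValueError(f"duplicate parameter: {name}")
        return values[0] if values else ""

    # Reject a redirect that does not belong to the request this client started.
    if not hmac.compare_digest(single("state").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if single("error"):
        raise PermissionError("authorization server returned: " + single("error"))
    name = "code" if response_type == "code" else "access_token"
    value = single(name)  # parse_qs has already URL-decoded it
    if not value:
        raise ValueError(f"redirect carries no {name}")
    return value
```
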
For the Client Credentials grant type (granttype = "client_credentials"), the following example is provided for demonstration using the OAuthClient object.
Step 1: Get the RESTful server access token.
Step 2: Get the RESTful server resource.
The complete code example is as below:
```
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
String ls_AccessToken
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
//The following values are placeholders. Replace them with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.scope = "dscode dsperf"
ltr_Request.granttype = "client_credentials"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
    ll_Return = ltr_Response.GetBody(ls_Body)
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        //Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        //The following line is a placeholder. Replace it with settings
        //from your OAuth 2.0 authorization server provider.
        loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )
        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        If ll_Return = 1 Then
            ll_Return = lrr_Response.GetBody(ls_Body)
            If ll_Return = 1 Then
                MessageBox ( "Resource", ls_Body )
            End If
        Else
            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    End If
Else
    //Read the error details returned by the token endpoint
    ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
    MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then Destroy ( loac_Client )
```
For the Extension grant type (granttype = "refresh_token"), the following example is provided for demonstration using the OAuthClient object.
Step 1: Get the RESTful server access token.
Step 2: Get the RESTful server resource.
The complete code example is as below:
```
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
CoderObject lco_Code
String ls_AccessToken, ls_refresh_token, ls_ClientID, ls_Secret, ls_Auth
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_return
Blob lblb_data

loac_Client = Create OAuthClient
lco_Code = Create CoderObject

//Step 1: Get the RESTful server access token.
//Authorization: Basic base64(client_id:client_secret)
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Secret = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Secret, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
ltr_Request.SetHeader( "Authorization", "Basic " + ls_Auth )
ltr_Request.SetHeader( "Content-Type", "application/x-www-form-urlencoded" )

//The following line is a placeholder. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.scope = "testcode upcode profile offline_access"
ltr_Request.granttype = "refresh_token"
ls_refresh_token = "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"
ltr_Request.AppendParam( "refresh_token", ls_refresh_token )

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
    ll_Return = ltr_Response.GetBody(ls_Body)
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        //Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        //The following line is a placeholder. Replace it with settings
        //from your OAuth 2.0 authorization server provider.
        loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )
        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        If ll_Return = 1 Then
            ll_Return = lrr_Response.GetBody(ls_Body)
            If ll_Return = 1 Then
                MessageBox ( "Resource", ls_Body )
            End If
        Else
            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    End If
Else
    //Read the error details returned by the token endpoint
    ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
    MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then Destroy ( loac_Client )
If IsValid ( lco_Code ) Then Destroy ( lco_Code )
```
For the Resource Owner Password grant type (granttype = "password"), three examples are provided respectively:
- Example 1 using OAuthClient object (recommended)
- Example 2 using HTTPClient object
- Example 3 using OAuthClient and HTTPClient objects
Example 1 (using the OAuthClient object)
Step 1: Get the RESTful server access token.
Step 2: Get the RESTful server resource.
The complete code example is as below:
```
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
String ls_AccessToken
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
//The following values are placeholders. Replace them with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
    ll_Return = ltr_Response.GetBody(ls_Body)
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        //Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        //The following line is a placeholder. Replace it with settings
        //from your OAuth 2.0 authorization server provider.
        loar_Request.Url = "https://xxx.xxx.xxx/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )
        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        If ll_Return = 1 Then
            ll_Return = lrr_Response.GetBody(ls_Body)
            If ll_Return = 1 Then
                MessageBox ( "Resource", ls_Body )
            End If
        Else
            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    End If
Else
    //Read the error details returned by the token endpoint
    ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
    MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then Destroy ( loac_Client )
```
Example 2 (using the HTTPClient object)
Step 1: Get the RESTful server access token.
Step 2: Get the RESTful server resource.
The complete code example is as below:
```
HttpClient lhc_Client
CoderObject lco_Code
Jsonpackage ljpg_json
String ls_ClientID, ls_Secret, ls_Auth, ls_Url, ls_PostData, ls_UserName, ls_Password, ls_scope, ls_Body, ls_Error
String ls_Token, ls_TokenType, ls_AccessToken
Blob lblb_data
Long ll_return

lhc_Client = Create HttpClient
lco_Code = Create CoderObject
ljpg_json = Create Jsonpackage

//Step 1: Get the RESTful server access token.
//Url
//The following line is a placeholder. Replace it with settings
//from your OAuth 2.0 authorization server provider.
ls_Url = "https://xxx.xxx.xxx/oauth2/token"

//Authorization: Basic base64(client_id:client_secret)
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Secret = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Secret, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
lhc_Client.SetRequestHeader( "Authorization", "Basic " + ls_Auth )
lhc_Client.SetRequestHeader( "Content-Type", "application/x-www-form-urlencoded" )

//PostData: URL-encode every value so that characters such as "&" or "="
//in the user name or password cannot change the form body
ls_UserName = "username"
ls_Password = "password123"
ls_scope = "testcode"
ls_PostData = "grant_type=password" + &
    "&username=" + lco_Code.UrlEncode( Blob( ls_UserName, EncodingUTF8! ) ) + &
    "&password=" + lco_Code.UrlEncode( Blob( ls_Password, EncodingUTF8! ) ) + &
    "&scope=" + lco_Code.UrlEncode( Blob( ls_scope, EncodingUTF8! ) )

ll_return = lhc_Client.SendRequest( "POST", ls_Url, ls_PostData )
If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
    lhc_Client.GetResponseBody ( ls_body )
    ls_Error = ljpg_json.loadString ( ls_body )
    If ls_Error = "" then
        ls_TokenType = ljpg_json.GetValue("token_type")
        ls_Token = ljpg_json.GetValue("access_token")
        ls_AccessToken = ls_TokenType + " " + ls_Token

        //Step 2: Get the RESTful server resource.
        //The following line is a placeholder. Replace it with settings
        //from your OAuth 2.0 authorization server provider.
        ls_Url = "https://xxx.xxx.xxx/order/getall"
        lhc_Client.ClearRequestHeaders()
        lhc_Client.SetRequestHeader( "Authorization", ls_AccessToken )
        ll_return = lhc_Client.SendRequest( "GET", ls_Url )
        If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
            lhc_Client.GetResponseBody ( ls_body )
            MessageBox ( "Resource", ls_body )
        Else
            MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
        End If
    Else
        MessageBox( "Error", ls_Error )
    End If
Else
    MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
End If

If IsValid ( lco_Code ) Then Destroy ( lco_Code )
If IsValid ( ljpg_json ) Then Destroy ( ljpg_json )
If IsValid ( lhc_Client ) Then Destroy ( lhc_Client )
```
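The token request that Example 2 assembles by hand, as an added Python example that is not PowerBuilder's or the page's own code: it builds the Basic header and a form-encoded body, shows what unencoded concatenation does to a password containing `&` or `=`, and checks the token response before an Authorization header is built from it. The function names and the sample password are assumptions; the client ID, secret and token response are the page's sample values.

```python
import base64
import json
from urllib.parse import urlencode

# Token response copied from the page's "Successful Responses" row.
SAMPLE_TOKEN_RESPONSE = (
    '{"access_token": "0374672c0f9a83d7e808725bd8ea748a250f2b8e151b9d93f2afa7805ec2dd52", '
    '"expires_in": 3600, "token_type": "Bearer", '
    '"refresh_token": "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"}'
)


def build_password_grant_request(client_id, client_secret, username, password, scope):
    """Return (headers, body) for the POST to the token endpoint."""
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode percent-encodes each value, so "&", "=" and "+" stay data.
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    })
    return headers, body


def naive_body(username, password, scope):
    """Plain concatenation without encoding, kept here only for comparison."""
    return ("grant_type=password&username=" + username +
            "&password=" + password + "&scope=" + scope)


def authorization_header(status, body_text):
    """Validate a token response and return the Authorization header value."""
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    data = json.loads(body_text)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    token = data.get("access_token")
    token_type = data.get("token_type")
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    # Only the Bearer scheme is handled; compare case-insensitively.
    if not isinstance(token_type, str) or token_type.lower() != "bearer":
        raise ValueError(f"unsupported token_type: {token_type!r}")
    # A token with whitespace or CR/LF would corrupt the header line.
    if any(ch.isspace() for ch in token):
        raise ValueError("access_token contains whitespace")
    return "Bearer " + token
```
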
Example 3 (using the OAuthClient and HTTPClient objects)
Step 1: Get the RESTful server access token.
Step 2: Get the RESTful server resource.
The complete code example is as below:
```
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
HttpClient lhc_Client
String ls_AccessToken, ls_TokenType
String ls_Body, ls_type, ls_description, ls_uri, ls_state, ls_Url
Long ll_return

loac_Client = Create OAuthClient
lhc_Client = Create HttpClient

//Step 1: Get the RESTful server access token.
//The following values are placeholders. Replace them with settings
//from your OAuth 2.0 authorization server provider.
ltr_Request.tokenlocation = "https://xxx.xxx.xxx/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
    ls_AccessToken = ltr_Response.GetAccessToken()
    ls_TokenType = ltr_Response.GetTokenType( )

    //Step 2: Get the RESTful server resource.
    //The following line is a placeholder. Replace it with settings
    //from your OAuth 2.0 authorization server provider.
    ls_Url = "https://xxx.xxx.xxx/order/getall"
    lhc_Client.ClearRequestHeaders()
    lhc_Client.SetRequestHeader( "Authorization", ls_TokenType + " " + ls_AccessToken )
    ll_return = lhc_Client.SendRequest( "GET", ls_Url )
    If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
        lhc_Client.GetResponseBody ( ls_body )
        MessageBox ( "Resource", ls_body )
    Else
        MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
    End If
Else
    //Read the error details returned by the token endpoint
    ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
    MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then Destroy ( loac_Client )
If IsValid ( lhc_Client ) Then Destroy ( lhc_Client )
```